This report provides an in-depth technical analysis of the backdoor and its capabilities, and analyzes the connection between Kapeka and Sandworm group. The purpose of this report is to raise awareness amongst businesses, governments, and the broader security community. WithSecure has engaged governments and select customers with advanced copies of this report. In addition to the report, we are releasing several artifacts developed as a result of our research, including a registry-based & hardcoded configuration extractor, a script to decrypt and emulate the backdoor’s network communication, and as might be expected, a list of indicators of compromise, YARA rules, and MITRE ATT&CK mapping

APT44 is a threat actor that is actively engaged in the full spectrum of espionage, attack, and influence operations.

What happened in Denmark can also happen to you, cybersecurity researchers are warning in a new report that examines attacks against the country’s energy sector last year.

Waves of incidents in May that seemed like a highly-targeted effort by a nation-state actor — perhaps Russia’s Sandworm hacking group — might have been less connected than originally thought, according to a new report by Forescout.

The researchers say their analysis found two distinct waves against Danish energy providers, and evidence suggests they were unrelated.

Des experts en sécurité informatique ont enquêté sur un piratage, jusqu'alors inconnu, du groupe «Sandworm» sur le réseau électrique ukrainien.

This ICS/OT attack represents the latest evolution in Russia's cyber physical attack capability.

The attack was the first in five years to use Sandworm's Industroyer malware.